Security FAQ

As any good online service (SAAS) does we keep the data and privacy of our users very secure. We take securing your data very seriously. We store your data on Amazon Web Services (AWS) and secure our code off-site and in the cloud, as they say now a days, with GitHub. GitHub is a web-based revision control hosting service for software development.

Data Center Security

The Amazon Web Services control panel is only accessible over HTTP Secure Sockets Layer(SSL). Individual server instances are fire walled, and access is restricted to necessary ports and IP addresses. In addition, database and file system backups are encrypted using GNU Privacy guard (GPG) before transfer and storage (for more information visit the AWS website )Terminal access to AWS sever instances users the Secure Shell (SSH) protocol and requires Ssh public/private key pairs.All passwords used by the system are randomly-generated 21-character strings containing letters, numbers and special characters.
Protection from Data Loss

We have one database that is mirrored on multiple servers in separate zones within the AWS system of servers. We don't separate any of the accounts and we do this for speed and cost.Application code resides on GitHub (http://github.com), a secure source-code management system that stores a complete versioned history of every change to every file in the project. Application data is backed up daily via two separate processes: a daily AWS snapshot of the disk volume containing the data, and a restorable snapshot that allows restoring data as recent as the previous 5 minutes.User files (images and attachments) are encrypted and backed up to S3 daily.Amazon RDS continuously copies all data from the master application database to an identical backup database server located in a different AWS availability zone. This provides a "hot standby" database that is at most a few seconds behind the primary database.

Application Level Security

FM Dashboard account passwords are encrypted. Our own staff can not even view them. If you lose your password, it can't be retrieved B it must be reset.All login pages from our website pass data vis SSLLogins via the FM Dashboard API use tokens and password protectionNote: The application level security is only as safe as you secure your end. Best practice is to never share passwords. Never share username or logins. Make passwords complex. Renew your password frequently. Lock your computer or at least log off of your FM Dashboard account when you computer or device is unattended.